summaryrefslogblamecommitdiffstats
path: root/modules-available/usblockoff/page.inc.php
blob: 5e1b27b443fdfe002b16c33652540fe35e0c6832 (plain) (tree) 
56adda04 ^




186515ab ^



56adda04 ^




186515ab ^


56adda04 ^







879b0098 ^

56adda04 ^






56adda04 ^





186515ab ^


879b0098 ^



















56adda04 ^


186515ab ^


56adda04 ^







879b0098 ^

56adda04 ^


186515ab ^


879b0098 ^

56adda04 ^





c68121f0 ^

56adda04 ^



186515ab ^


c68121f0 ^

56adda04 ^





































186515ab ^


56adda04 ^




c68121f0 ^

56adda04 ^

186515ab ^



56adda04 ^


186515ab ^




56adda04 ^

c68121f0 ^

56adda04 ^


879b0098 ^










56adda04 ^

879b0098 ^




56adda04 ^


879b0098 ^

186515ab ^

56adda04 ^

77c3db5c ^

56adda04 ^

186515ab ^

56adda04 ^


56adda04 ^




56adda04 ^























879b0098 ^

56adda04 ^

a998402d ^



879b0098 ^














a998402d ^

56adda04 ^


879b0098 ^


c68121f0 ^
























c68121f0 ^


c68121f0 ^



186515ab ^


77c3db5c ^

56adda04 ^

c68121f0 ^


56adda04 ^



186515ab ^

56adda04 ^


186515ab ^









56adda04 ^





186515ab ^








56adda04 ^



186515ab ^




56adda04 ^

56adda04 ^





77c3db5c ^





5a428cbd ^

77c3db5c ^






























5a428cbd ^

77c3db5c ^

77c3db5c ^

77c3db5c ^


77c3db5c ^





56adda04 ^

1
2
3
4

5
6
7

8
9
10
11

12
13

14
15
16
17
18
19
20

21

22
23
24
25
26
27

28
29
30
31
32

33
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

54
55

56
57

58
59
60
61
62
63
64

65

66
67

68
69

70

71
72
73
74
75

76

77
78
79

80
81

82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

120
121

122
123
124
125

126

127

128
129
130

131
132

133
134
135
136

137

138

139
140

141
142
143
144
145
146
147
148
149
150

151

152
153
154
155

156
157

158

159

160

161

162

163

164
165

166
167
168
169

170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

193

194

195
196
197

198
199
200
201
202
203
204
205
206
207
208
209
210
211

212

213
214

215
216

217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

241
242

243
244
245

246
247

248

249

250
251

252
253
254

255

256
257

258
259
260
261
262
263
264
265
266

267
268
269
270
271

272
273
274
275
276
277
278
279

280
281
282

283
284
285
286

287

288
289
290
291
292

293
294
295
296
297

298

299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328

329

330

331

332
333

334
335
336
337
338

339




                              


                                  



                                                                                         

                                         






                                                                      
                                                       





                                                             




                                                                                        

                                     


















                                                                                                                            

         

                                              






                                                                                                   
                                                                                                               

         

                                         
                                                         




                                                                                                                             
                                                      


                                                 

                                         
                                                                                             




































                                                                                                                      

                                                                                    



                               
                                                               
                                                                                                                                                                        


                                                                                    

                                                                                                                                                                                   



                                                                                    
                 
                                                    

         









                                                                                                                              
                 



                                                               

         
                                              
         
                                
                                  
 
                               

                                               



                                                                                                                              






















                                                                                                   
                                                                
                                                      


                   













                                                             
                 

         

 























                                                                                                              

                                                                 


                   

                                         
                                                        
 

                                                        


                                             
                                                      

                                            








                                                     




                                                                                                              







                                                     


                                                                                                                                            



                                                                                                                                 
                 




                                                             




                                                                                                      
                         





























                                                                                                                                                                                            
                                                
                                                                                         
                                                             

                                                                             




                                                
 
<?php
$glob3 = 'globale Variable 3';
$name = 'testname';
$logedIn = true;

class Page_usblockoff extends Page
{

	/**
	 * Called before any page rendering happens - early hook to check parameters etc.
	 */
	protected function doPreprocess()
	{
		User::load();

		if (!User::isLoggedIn()) {
			Message::addError('main.no-permission');
			Util::redirect('?do=Main'); // does not return
		}

		$this->action = Request::any('action');

		if ($this->action === 'updateConfig') {
			$this->updateConfig();
		} elseif ($this->action === 'deleteConfig') {
			$this->deleteConfig();
		}
	}

	/**
	 * Menu etc. has already been generated, now it's time to generate page content.
	 */
	protected function doRender()
	{
		$show = Request::get("show", "config-table");
		if ($show === "config-table") {
			$this->loadConfigChooser();
		} else if ($show === "edit-config") {
			$configid = Request::get("configid", "");
			$configName = Database::queryFirst("SELECT configname FROM `usb_configs` WHERE configid=:id", array(
				'id' => $configid
			));

			$rulesConfigHtml = $this->loadRulesConfig($configid);
			$daemonConfigHtml = $this->loadDaemonConfig($configid);

			Render::addTemplate('usb-edit-config', array(
				'configid' => $configid,
				'configName' => $configName['configname'],
				'rulesConfigHtml' => $rulesConfigHtml,
				'daemonConfigHtml' => $daemonConfigHtml
			));
		}
	}

	protected function loadConfigChooser()
	{
		$dbquery = Database::simpleQuery("SELECT configid, configname FROM `usb_configs`");
		$configs = array();
		while ($dbentry = $dbquery->fetch(PDO::FETCH_ASSOC)) {
			$config['config_id'] = $dbentry['configid'];
			$config['config_name'] = $dbentry['configname'];
			$configs[] = $config;
		}
		Render::addTemplate('usb-configuration-table', array('config_list' => array_values($configs)));
	}

	protected function deleteConfig()
	{
		$configID = Request::any('id', 0, 'int');

		if ($configID != 0) {
			Database::exec("DELETE FROM `usb_configs` WHERE configid=:configid", array('configid' => $configID));
		}

		Message::addSuccess('config-deleted');
		Util::redirect('?do=usblockoff');
	}

	protected function updateConfig()
	{
		$result['saveAsNewConfig'] = Request::post('saveAsNewConfig', false, 'bool');
		// Add new settings in usbguard-daemon.conf here:
		$result['RuleFile'] = Request::post('RuleFile', '', 'string');
		$result['ImplicitPolicyTarget'] = Request::post('ImplicitPolicyTarget', '', 'string');
		$result['PresentDevicePolicy'] = Request::post('PresentDevicePolicy', '', 'string');
		$result['PresentControllerPolicy'] = Request::post('PresentControllerPolicy', '', 'string');
		$result['InsertedDevicePolicy'] = Request::post('InsertedDevicePolicy', '', 'string');
		$result['RestoreControllerDeviceState'] = Request::post('RestoreControllerDeviceState', '', 'string');
		$result['DeviceManagerBackend'] = Request::post('DeviceManagerBackend', '', 'string');
		$result['IPCAllowedUsers'] = Request::post('IPCAllowedUsers', '', 'string');
		$result['IPCAllowedGroups'] = Request::post('IPCAllowedGroups', '', 'string');
		$result['IPCAccessControlFiles'] = Request::post('IPCAccessControlFiles', '', 'string');
		$result['DeviceRulesWithPort'] = Request::post('DeviceRulesWithPort', '', 'string');
		$result['AuditFilePath'] = Request::post('AuditFilePath', '', 'string');
		$result['rules'] = Request::post('rules', '', 'string');

		$id = Request::post('id', 0, 'int');
		$configname = Request::post('configName', '', 'string');
		$dbquery = Database::queryFirst("SELECT * FROM `usb_configs` WHERE configid=:id", array('id' => $id));

		// Load daemon.conf from db else load default
		if ($dbquery !== false) {
			$daemonConf = explode("\r\n", $dbquery['daemonconfig']);
		} else {
			$currentdir = getcwd();
			$file = $currentdir . '/modules/usblockoff/inc/default-configs/usbguard-daemon.conf';
			$daemonConf = file($file);
		}
		$newDaemonConf = array();

		foreach ($daemonConf as $line) {
			$t_line = trim($line, "\r\n");
			if ($t_line == '' || $t_line[0] == '#') {
				$newDaemonConf[] = $line . "\r\n";
				continue;
			} else {
				$splitstr = explode('=', $line);

				$splitstr[1] = $result[$splitstr[0]];
				$newDaemonConf[] = implode('=', $splitstr) . "\r\n";
			}
		}

		// INSERT IN DB
		if ($id == '0' || $result['saveAsNewConfig']) {
			$dbquery = Database::exec("INSERT INTO `usb_configs` (configname, rulesconfig, daemonconfig) VALUES (:configname, :rulesconfig, :daemonconfig)",
				array('configname' => $configname,
					'rulesconfig' => $result['rules'],
					'daemonconfig' => implode($newDaemonConf)));
		} else {
			$dbquery = Database::exec("UPDATE `usb_configs` SET configname=:configname, rulesconfig=:rulesconfig, daemonconfig=:daemonconfig WHERE configid=:configid",
				array('configid' => $id,
					'configname' => $configname,
					'rulesconfig' => $result['rules'],
					'daemonconfig' => implode($newDaemonConf)));
		}
		Message::addSuccess('config-saved');
	}

	private function loadRulesConfig($id) {
		$rulesConf = null;

		if ($id == 0) {
			$currentdir = getcwd();

			$rulesConf = file_get_contents($currentdir . '/modules/usblockoff/inc/default-configs/rules.conf');
		} else {
			$dbquery = Database::queryFirst("SELECT * FROM `usb_configs` WHERE configid=:id", array('id' => $id));
			$rulesConf = $dbquery['rulesconfig'];
		}

		return Render::parse('usb-rules-config', array(
			'rules' => $rulesConf,
		));
	}

	private function loadDaemonConfig($id)
	{
		$form = array();
		$rulesConf = null;

		if ($id == 0) {
			$currentdir = getcwd();

			$daemonConf = file($currentdir . '/modules/usblockoff/inc/default-configs/usbguard-daemon.conf');
		} else {
			$dbquery = Database::queryFirst("SELECT * FROM `usb_configs` WHERE configid=:id", array('id' => $id));
			$daemonConf = explode("\r\n", $dbquery['daemonconfig']);
		}

		$element = array();
		$hlptxt = '';

		foreach ($daemonConf as $line) {
			$t_line = trim($line, "\r\n");
			if ($t_line == '#' || $t_line == '' || strpos($t_line, '#!!!') !== false) {
				continue;
			} elseif ($t_line[0] == '#') {
				$ttxt = trim($line, "#");
				$hlptxt .= $ttxt . '<br>';
			} else {
				$splitstr = explode('=', $t_line);
				$element['name'] = $splitstr[0];
				$element['value'] = $splitstr[1];
				$element['helptext'] = $hlptxt;

				$form[] = $element;
				$hlptxt = '';
			}
		}

		return Render::parse('usb-daemon-config', array(
			'list' => array_values($form),
		));
	}

	/**
	 * AJAX
	 */
	protected function doAjax()
	{
		User::load();
		if (!User::isLoggedIn()) {
			die('Unauthorized');
		}
		$action = Request::any('action');
		if ($action === 'deviceList') {
			$this->ajaxDeviceList();
		} elseif ($action === 'genericRuleBuilder') {
			$this->ajaxGenericRuleBuilder();
		}
	}



	private function ajaxGenericRuleBuilder() {
		$settings = array();

		// TODO: Translate Operator Action etc..

		$setting = array();
		$setting['title'] = "Action";
		$setting['select_list'] = array(array(
			'option' => 'allow',
			'active' => true,
		),
			array(
				'option' => 'block',
				'active' => false,
			),
			array(
				'option' => 'reject',
				'active' => false,
			));
		$setting['helptext'] = array('helptext' => Dictionary::translateFile('rule', 'abr_helptext'));
		$setting['property'] = 'action';
		$setting['settingHtml'] = Render::parse('server-prop-dropdown', (array)$setting);
		$settings[] = $setting;

		echo Render::parse('usb-add-generic-rule', array(
			'settings' => array_values($settings),
		));
	}

	private function ajaxDeviceList()
	{
		$usbdevices = $this->getUsbDeviceList();

		// TODO: Translate Operator Action etc..

		$settings = array();
		$setting = array();
		$setting['title'] = "Action";
		$setting['select_list'] = array(array(
			'option' => 'allow',
			'active' => true,
		),
			array(
				'option' => 'block',
				'active' => false,
			),
			array(
				'option' => 'reject',
				'active' => false,
			));
		$setting['helptext'] = array('helptext' => Dictionary::translateFile('rule', 'abr_helptext'));
		$setting['property'] = 'action';
		$setting['settingHtml'] = Render::parse('server-prop-dropdown', (array)$setting);
		$settings[] = $setting;

		$ruleValues = array('id' => true,
			'serial' => true,
			'name' => true,
			'hash' => false,
			'parent-hash' => false,
			'via-port' => false,
			'with-interface' => false,
			'interface-policy' => false);
		foreach ($ruleValues as $key => $value) {
			$settings[] = array(
				'settingHtml' => Render::parse('server-prop-bool', array('title' => Dictionary::translateFile('rule', $key),
					'helptext' => array('helptext' => Dictionary::translateFile('rule', $key . "_helptext")),
					'property' => $key,
					'currentvalue' => $value)),
			);
		}
		echo Render::parse('usb-device-list', array(
			'list' => array_values($usbdevices),
			'settings' => array_values($settings)
		));
	}

	private function getUsbDeviceList() {
		$usbdevices = array();

		// TODO: Per USB Device 3 querys are executed.. better build a more complex sql query?
		$uid = 0;
		$dbquery = Database::simpleQuery("SELECT * FROM `usblockoff_hw`");
		while ($entry = $dbquery->fetch(PDO::FETCH_ASSOC)) {

			$device = array();

			// Get all props from the hw table.
			$dbquery2 = Database::simpleQuery("SELECT * FROM `statistic_hw_prop` WHERE hwid=:hwid", array(
				'hwid' => $entry['hwid']
			));

			while ($prop = $dbquery2->fetch(PDO::FETCH_ASSOC)) {
				$device[$prop['prop']] = $prop['value'];
			}

			// Get all props from the device table.
			$dbquery3 = Database::simpleQuery("SELECT * FROM `usblockoff_hw_prop` WHERE hwid=:hwid AND serial=:serial", array(
				'hwid' => $entry['hwid'],
				'serial' => $entry['serial']
			));

			while ($prop = $dbquery3->fetch(PDO::FETCH_ASSOC)) {
				$device[$prop['prop']] = $prop['value'];
			}
			if (!empty($device['machineuuid'])) {
				$locationquery = Database::queryFirst("SELECT l.locationname AS 'name', m.clientip AS 'ip' FROM machine AS m JOIN location AS l ON l.locationid=m.locationid
				 WHERE m.machineuuid=:machineuuid", array('machineuuid' => $entry['machineuuid']));
				$device['clientip'] = $locationquery['ip'];
				$device['location'] = $locationquery['name'];
			}

			$device['uid'] = ++$uid;
			$device['id'] = $device['vendorid'] . ":" . $device['productid'];
			$device['serial'] = $entry['serial'];
			$device['date'] = date('d.m.Y', $device['lastseen']);
			$device['time'] = date('G:i', $device['lastseen']);
			$usbdevices[] = $device;
		}

		return $usbdevices;
	}
}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-06 10:29:39 +0200